Update Summary

KB5094128 for Windows Server 2022 (OS Build 20348.5256) delivers security fixes, quality improvements, and non-security updates from KB5087545. It also includes a servicing stack update, Secure Boot enhancements, and fixes for File Explorer, fonts, and Windows Security app status. Reference IDs: KB5094147, KB5070884, CVE-2025-59287.

Update Details

Security

  • Includes the latest security fixes for Windows Server 2022.
  • Secure Boot rollout improvements increase coverage for devices eligible to receive new Secure Boot certificates.
  • Adds the LimitSecureBootRequiredServiceData Group Policy and MDM setting to reduce Secure Boot service data sent to Microsoft.
  • WSUS synchronization error details are temporarily removed to address the Remote Code Execution vulnerability, CVE-2025-59287.

Bug Fixes

  • Improves File Explorer search, including Chinese text and UTF-8 files without a BOM, with clearer text in results, Content view, and tooltips.
  • Improves Windows fonts by adding the Saudi Riyal currency symbol.
  • Improves real-time Secure Boot status visibility and reliability in the Windows Security app.
  • Includes servicing stack quality improvements in KB5094147.

New Features

  • Adds the LimitSecureBootRequiredServiceData Group Policy and MDM setting under Secure Boot.
  • Windows Security app now shows real-time Secure Boot status updates.

Known Issues

  • Devices with an unrecommended BitLocker Group Policy configuration may be prompted for the BitLocker recovery key on the first restart after installation.
  • WSUS does not display synchronization error details after KB5070884 or later updates.

Hints

  • Administrators should audit BitLocker policies for explicit PCR7 inclusion and check msinfo32.exe for PCR7 binding status before installing this update.
  • Recommended workaround for the BitLocker issue: set the BitLocker TPM validation policy to Not Configured, run gpupdate /force, then suspend and re-enable BitLocker on the OS drive.
  • If previous updates are already installed, only the new updates in this package will be downloaded and installed.
  • Secure Boot certificates used by most Windows devices are set to expire starting in June 2026; updated certificates continue to be delivered through Windows Update.
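The BitLocker audit and workaround from the hints above, written out in PowerShell. This is an added example, not part of the original page or of Microsoft's own guidance; the registry path used to read the TPM validation policy and the function names are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-install audit and workaround for the BitLocker known issue.
$osDrive = $env:SystemDrive

# Assumption: registry location written by the Group Policy setting "Configure TPM
# platform validation profile for native UEFI firmware configurations"
# (one DWORD per PCR index, plus "Enabled").
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'

function Get-TpmValidationPolicy {
    # Reports whether the policy is configured and which PCR indexes it selects.
    $configured = $false
    $pcrs = @()
    if (Test-Path $policyKey) {
        $v = Get-ItemProperty -Path $policyKey
        $configured = ($v.Enabled -eq 1)
        if ($configured) { $pcrs = @(0..23 | Where-Object { $v."$_" -eq 1 }) }
    }
    [pscustomobject]@{ Configured = $configured; Pcrs = $pcrs }
}

function Test-RecoveryPromptRisk {
    # True when BitLocker protects the OS drive and policy explicitly lists PCR7.
    $policy = Get-TpmValidationPolicy
    $volume = Get-BitLockerVolume -MountPoint $osDrive
    ($volume.ProtectionStatus -eq 'On') -and $policy.Configured -and ($policy.Pcrs -contains 7)
}

function Invoke-BitLockerRebind {
    # Workaround from the hints. Run only after the TPM validation policy has been
    # set to Not Configured in the GPO that delivers it.
    gpupdate /force | Out-Null
    if ((Get-TpmValidationPolicy).Configured) {
        throw 'TPM validation policy is still configured; correct the GPO first.'
    }
    Suspend-BitLocker -MountPoint $osDrive -RebootCount 0 | Out-Null
    Resume-BitLocker -MountPoint $osDrive | Out-Null
}

if (Test-RecoveryPromptRisk) {
    Write-Warning "Policy explicitly includes PCR7 on $osDrive; a recovery key prompt is possible on first restart."
    # Confirm the PCR7 binding status in msinfo32.exe (run elevated) as well,
    # then call Invoke-BitLockerRebind once the policy is Not Configured.
} else {
    Write-Output "No explicit PCR7 policy found for $osDrive."
}
```

Have the BitLocker recovery key for the OS drive available before installing, in case the prompt still appears.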

Product Information

Vendor: Microsoft

Product: Windows Server 2022

Version: OS Build 20348.5256

Release date: Jun 9, 2026